With the recent snowy weather in December, my roof sustained a fair amount of damage. Enough damage, in fact, to require a claim on the insurance. All well and good. In fact the insurance company have been very good and all is proceeding to plan.
However, they called me today, somewhat randomly, to inform me that the claim was proceeding normally. They called me and then asked me to provide details to ‘prove’ who I was. I said, before I do that, can you prove who you are? And they couldn’t. There’s no information they could give me over the phone to demonstrate that they were who they said they were.
Why am I so cautious? Well, why not. It’s trivially easy to spoof a phone number on ID, and this was ‘withheld’ anyway. I ended the call, looked up their number on my policy document and rang back in – it was the only way to (mostly) ensure that I was talking to who I thought I would be.
So it made me think: if we need to prove who we are when we call them, why shouldn’t they prove who they are when they call us. And the easiest way to do that is to give a piece of information that only they could know, essentially, something that you’ve given them as a password only to be given back to you – not for you to access the account.
Of course, it will never happen … (sigh).